Posted to user@ranger.apache.org by Julien Carme <ju...@gmail.com> on 2016/01/08 19:20:01 UTC
Cannot create Hive external table
Hello,
I have just updated HDP from 2.2 to 2.3, so I am now using Ranger 0.5.0 and
Hive 1.2.1
I try to create an external table using
insert overwrite directory '/tmp/test' select * from my_table;
Previously it was working fine. But now I always get:
*Error occurred executing hive query: Error while compiling statement:
FAILED: HiveAccessControlException Permission denied: user [my_login] does
not have [WRITE] privilege on [/tmp/test]*
I tried not creating /tmp/test, I tried creating /tmp/test with 777 mod, I
tried giving any permission I can with Ranger HDFS and Hive right managers,
I tried doAs=T and doAs=F, whatever I do I always get this error message.
There is just now no way for me to create external tables.
Any help would be greatly appreciated.
Best Regards,
Re: Cannot create Hive external table
Posted by Don Bosco Durai <bo...@apache.org>.
Julien
Based on your description, it seems Hive is doing the right thing. If doAs=true, then the user “hive” needs to have the permission to impersonate others.
Also, FYI, it is recommended to run HiveServer2 as doAs=false. If any users need access to underlying HDFS folders (or are using ETL, Pig or HiveCLI), then only for those users give permission at the HDFS level also.
Thanks
Bosco
From: Julien Carme <ju...@gmail.com>
Reply-To: <us...@ranger.incubator.apache.org>
Date: Monday, January 11, 2016 at 1:07 AM
To: <us...@ranger.incubator.apache.org>
Subject: Re: Cannot create Hive external table
Hello,
Thanks for your answer.
We checked the Ranger audit and the problem actually does not come from Ranger, but from Hive. DoAS=T did not work any more, "User: hive is not allowed to impersonate XXX". It works now if we change hadoop.proxyuser.hive.groups to '*'. We are trying to find a cleaner solution and to understand why that has changed.
Anyway, sorry for having posted on the Ranger mailing list a non-Ranger issue. And thanks for your help.
Julien
2016-01-08 21:50 GMT+01:00 Don Bosco Durai <bo...@apache.org>:
Julien
Have you checked the Ranger Audit logs to see whether the block came from Ranger?
Also, are you using Ranger on both HDFS and Hive side?
Thanks
Bosco
From: Julien Carme <ju...@gmail.com>
Reply-To: <us...@ranger.incubator.apache.org>
Date: Friday, January 8, 2016 at 10:20 AM
To: <us...@ranger.incubator.apache.org>
Subject: Cannot create Hive external table
Hello,
I have just updated HDP from 2.2 to 2.3, so I am now using Ranger 0.5.0 and Hive 1.2.1
I try to create an external table using
insert overwrite directory '/tmp/test' select * from my_table;
Previously it was working fine. But now I always get:
Error occurred executing hive query: Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [my_login] does not have [WRITE] privilege on [/tmp/test]
I tried not creating /tmp/test, I tried creating /tmp/test with 777 mod, I tried giving any permission I can with Ranger HDFS and Hive right managers, I tried doAs=T and doAs=F, whatever I do I always get this error message. There is just now no way for me to create external tables.
Any help would be greatly appreciated.
Best Regards,
Re: Cannot create Hive external table
Posted by Julien Carme <ju...@gmail.com>.
Hello,
Thanks for your answer.
We checked the Ranger audit and the problem actually does not come from
Ranger, but from Hive. DoAS=T did not work any more, "User: hive is not
allowed to impersonate XXX". It works now if we change
hadoop.proxyuser.hive.groups to '*'. We are trying to find a cleaner
solution and to understand why that has changed.
Anyway, sorry for having posted on the Ranger mailing list a non-Ranger
issue. And thanks for your help.
Julien
2016-01-08 21:50 GMT+01:00 Don Bosco Durai <bo...@apache.org>:
> Julien
>
> Have you checked the Ranger Audit logs to see whether the block came from
> Ranger?
>
> Also, are you using Ranger on both HDFS and Hive side?
>
> Thanks
>
> Bosco
>
>
> From: Julien Carme <ju...@gmail.com>
> Reply-To: <us...@ranger.incubator.apache.org>
> Date: Friday, January 8, 2016 at 10:20 AM
> To: <us...@ranger.incubator.apache.org>
> Subject: Cannot create Hive external table
>
> Hello,
>
> I have just updated HDP from 2.2 to 2.3, so I am now using Ranger 0.5.0
> and Hive 1.2.1
>
> I try to create an external table using
>
> insert overwrite directory '/tmp/test' select * from my_table;
>
> Previously it was working fine. But now I always get:
>
> *Error occurred executing hive query: Error while compiling statement:
> FAILED: HiveAccessControlException Permission denied: user [my_login] does
> not have [WRITE] privilege on [/tmp/test]*
>
> I tried not creating /tmp/test, I tried creating /tmp/test with 777 mod, I
> tried giving any permission I can with Ranger HDFS and Hive right managers,
> I tried doAs=T and doAs=F, whatever I do I always get this error message.
> There is just now no way for me to create external tables.
>
> Any help would be greatly appreciated.
>
> Best Regards,
>
>
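The message above works around the impersonation error by setting hadoop.proxyuser.hive.groups to '*'. One way to check a core-site.xml for such unrestricted proxyuser rules is sketched below; this is an added example, not part of the original thread, and the sample XML, host names and function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed core-site.xml fragment reproducing the workaround from the
# thread (groups = '*'); host names are placeholders, not from the thread.
SAMPLE_CORE_SITE = """<configuration>
  <property>
    <name>hadoop.proxyuser.hive.groups</name>
    <value>*</value>
  </property>
  <property>
    <name>hadoop.proxyuser.hive.hosts</name>
    <value>hiveserver2.example.internal</value>
  </property>
  <property>
    <name>fs.defaultFS</name>
    <value>hdfs://namenode.example.internal:8020</value>
  </property>
</configuration>"""

# hadoop.proxyuser.<superuser>.<scope>; the superuser part may contain dots.
PROXY_KEY = re.compile(
    r"^hadoop\.proxyuser\.(?P<superuser>.+)\.(?P<scope>groups|hosts|users)$")


def proxyuser_rules(xml_text):
    """Return {superuser: {scope: [values]}} for every proxyuser property."""
    rules = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        match = PROXY_KEY.match((prop.findtext("name") or "").strip())
        if not match:
            continue  # unrelated property such as fs.defaultFS
        raw = (prop.findtext("value") or "").strip()
        values = [v.strip() for v in raw.split(",") if v.strip()]
        rules.setdefault(match["superuser"], {})[match["scope"]] = values
    return rules


def wildcard_findings(xml_text):
    """List (superuser, scope) pairs where impersonation is unrestricted."""
    findings = []
    for superuser, scopes in sorted(proxyuser_rules(xml_text).items()):
        for scope, values in sorted(scopes.items()):
            if "*" in values:
                findings.append((superuser, scope))
    return findings


if __name__ == "__main__":
    for superuser, scope in wildcard_findings(SAMPLE_CORE_SITE):
        print(f"{superuser}: '{scope}' is '*', any {scope[:-1]} is accepted")
```

Replacing the '*' with a comma-separated list of the groups whose members HiveServer2 should be allowed to impersonate makes the check return no findings.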
Re: Cannot create Hive external table
Posted by Don Bosco Durai <bo...@apache.org>.
Julien
Have you checked the Ranger Audit logs to see whether the block came from Ranger?
Also, are you using Ranger on both HDFS and Hive side?
Thanks
Bosco
From: Julien Carme <ju...@gmail.com>
Reply-To: <us...@ranger.incubator.apache.org>
Date: Friday, January 8, 2016 at 10:20 AM
To: <us...@ranger.incubator.apache.org>
Subject: Cannot create Hive external table
Hello,
I have just updated HDP from 2.2 to 2.3, so I am now using Ranger 0.5.0 and Hive 1.2.1
I try to create an external table using
insert overwrite directory '/tmp/test' select * from my_table;
Previously it was working fine. But now I always get:
Error occurred executing hive query: Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [my_login] does not have [WRITE] privilege on [/tmp/test]
I tried not creating /tmp/test, I tried creating /tmp/test with 777 mod, I tried giving any permission I can with Ranger HDFS and Hive right managers, I tried doAs=T and doAs=F, whatever I do I always get this error message. There is just now no way for me to create external tables.
Any help would be greatly appreciated.
Best Regards,